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Amendments to the Claims : 

This listing of claims replaces all prior versions and listings of claims in the 
application: 

Listing of Claims : 

1 . (Currently Amended) A method comprising: 

receiving, at a server, a request from a client to take an action with respect to an 
electronic document; 

retrieving a document identifier from the request; 

determining whether user authentication is needed based on the document 
identifier and the action; 

sending information specifying an acceptable authentication procedure; 
receiving an authentication procedure update request from the client; 

obtaining, at the server and in response to the request, a software program 
comprising instructions operable to cause one or more data processing apparatus to perform 
operations effecting an authentication procedure; and 

sending the authentication program to the client for use in identifying a current 
user and controlling the action with respect to the electronic document based on the current user 
and document-permissions information associated with the electronic document. 

2. (Original) The method of claim 1, wherein obtaining the software program 
comprises requesting and receiving the software program from a second server. 

3. (Currently Amended) A The method of cloim 1, further comprising: 
receiving, at a server, a request from a client to take an action with respect to 

an electronic document; 
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obtaining, at the server and in response to the request, a software program 
comprising instructions operable to cause one or more data processing apparatus to 
perform operations effecting an authentication procedure; 

sending the authentication program to the client for use in identifying a 
current user and controlling the action with respect to the electronic document based on 
the current user and document-permissions information associated with the electronic 
document; 



the electronic document; 

obtaining, in response to the subsequent request, a new software program 
comprising instructions operable to cause one or more data processing apparatus to perform 
operations effecting the updated authentication procedure; and 

sending the new software program to the client for use in identifying the current 
user and controlling the action with respect to the electronic document based on the current user 
and the document-permissions information associated with the electronic document. 

4. (Original) The method of claim 1, wherein the software program uses an 
existing interface provided by the client to communicate authentication information to the server. 

5. (Original) The method of claim 1, further comprising: 

receiving credentials information from the client derived at least in part based on 
input obtained by the client using the software program; and 

communicating with a third party authentication server to authenticate the current 
user based on the credentials information. 



receiving an updated authentication procedure; 

receiving a subsequent request from the client to take the action with respect to 



6. (Original) The method of claim 5, wherein the input obtained by the client 
comprises text input. 
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7. (Original) The method of claim 5, wherein the input obtained by the client 
comprises biometric data. 

8. (Original) The method of claim 1 , further comprising: 

receiving from the client an authentication receipt obtained by the client from a 
third party authentication server based on input obtained by the client using the software 
program; and 

verifying the current user with the third party authentication server using the 
authentication receipt. 

9-11. (Cancelled) 

12. (Currently Amended) A software product tangibly embodied in a machine- 
readable medium, the software product comprising instructions operable to cause one or more 
data processing apparatus to perform operations comprising: 

receiving a request from a client to take an action with respect to an electronic 

document; 

retrieving a document identifier from the request; 

determining whether user authentication is needed based on the document 
identifier and the action; 

sending information specifying an acceptable authentication procedure; 
receiving an authentication procedure update request from the client; 

obtaining, in response to the request, an authentication process; and 
sending the authentication process to the client for use in identifying a current 
user and controlling the action with respect to the electronic document based on the current user 
and document-permissions information associated with the electronic document. 
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13. (Original) The software product of claim 12, wherein obtaining the 
authentication process comprises requesting and receiving the authentication process from a 
second server. 

14. (Currently Amended) A The software product of claim 12, wherein the 
operations further comprise tangibly embodied in a machine-readable medium, the 
software product comprising instructions operable to cause one or more data processing 
apparatus to perform operations comprising : 

receiving a request from a client to take an action with respect to an 
electronic document; 

obtaining, in response to the request, an authentication process; 

sending the authentication process to the client for use in identifying a 
current user and controlling the action with respect to the electronic document based on 
the current user and document-permissions information associated with the electronic 
document; 

receiving a subsequent request from the client to take the action with respect to 
the electronic document; 

obtaining, in response to the subsequent request, a new authentication process; 

and 

sending the new authentication process to the client for use in identifying the 
current user and controlling the action with respect to the electronic document based on the 
current user and the document-permissions information associated with the electronic document. 

15. (Original) The software product of claim 12, wherein the authentication 
process uses an existing interface provided by the client to communicate authentication 
information to the server. 



Applicant : Jonathan D. Herbach, et al. Attorney's Docket No.: 07844-623001 / P568 

Serial No. : 10/699,165 

Filed : October 3 1 , 2003 

Page : 9 of 21 



16. (Original) The software product of claim 12, wherein the operations further 
comprise: 

receiving credentials information from the client derived at least in part based on 
input obtained by the client using the software program; and 

communicating with a third party authentication server to authenticate the current 
user based on the credentials information. 

17. (Original) The software product of claim 16, wherein the input obtained by 
the client comprises text input. 

18. (Original) The software product of claim 16, wherein the input obtained by 
the client comprises biometric data. 

19. (Original) The software product of claim 12, wherein the operations further 
comprise: 

receiving from the client an authentication receipt obtained by the client from a 
third party authentication server based on input obtained by the client using the software 
program; and 

verifying the current user with the third party authentication server using the 
authentication receipt. 

20-22. (Cancelled) 

23. (Original) A system comprising: 

a client that sends a request to a server when an action is to be taken with respect 
to an electronic document local to the client; 
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the server that receives the request, and in response to the client, the server 
obtains and sends a software program comprising instructions operable to cause one or more data 
processing apparatus to perform operations effecting an authentication procedure; and 

wherein the client uses the authentication program to identify a current user and 
control the action with respect to the electronic document based on the current user and 
document-permissions information associated with the electronic document. 

24. (Original) The system of claim 23, further comprises a second server that 
provides the software program. 

25. (Original) The system of claim 23, wherein the client includes a security 
handler that provides a server-communication interface to the software program. 

26. (Original) The system of claim 23, further comprising a third party 
authentication server that authenticates the current user based on credentials information derived 
at least in part based on input obtained at the client using the software program. 

27. (Original) The system of claim 26, wherein the client obtains an 
authentication receipt from the third party authentication server and forwards the authentication 
receipt to a server for verification. 

28. (Original) The system of claim 23, wherein the server comprises: 
a server core with configuration and logging components; 

an internal services component that provides functionality across dynamically 
loaded methods; and 

dynamically loaded external service providers, including an authentication service 

provider. 
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29. (Original) The system of claim 23, further comprising: 

a business logic tier comprising a cluster of document control servers, including 

the server; 

an application tier including the client comprising a viewer client, a securing 
client, and an administration client; and 

a load balancer that routes client requests to the document control servers. 

30-34. (Cancelled) 

35. (New) The system of claim 23, wherein the server obtains the software program 
by requesting and receiving the software program from a second server. 

36. (New) The system of claim 23, wherein the server receives a subsequent request 
from the client to take the action with respect to the electronic document, obtains, in response to 
the subsequent request, a new authentication process, and sends the new authentication process 
to the client for use in identifying the current user and controlling the action with respect to the 
electronic document based on the current user and the document-permissions information 
associated with the electronic document. 

37. (New) The system of claim 23, wherein the software program uses an existing 
interface provided by the client to communicate authentication information to the server. 

38. (New) The system of claim 23, wherein the server receives credentials 
information from the client derived at least in part based on input obtained by the client using the 
software program, and communicates with a third party authentication server to authenticate the 
current user based on the credentials information. 
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39. (New) The system of claim 38, wherein the input obtained by the client 
comprises text input. 

40. (New) The system of claim 38, wherein the input obtained by the client 
comprises biometric data. 

41. (New) The system of claim 23, wherein the server receives from the client an 
authentication receipt obtained by the client from a third party authentication server based on 
input obtained by the client using the software program, and verifies the current user with the 
third party authentication server using the authentication receipt. 

42. (New) The system of claim 23, wherein the server retrieves a document identifier 
from the request, determines whether user authentication is needed based on the document 
identifier and the action, sends information specifying an acceptable authentication procedure, 
and receives an authentication procedure update request from the client. 



